Today, I am continuing from my previous blog post and will explore more about the API calls and request payloads, which I extracted by decompiling the DLL. I will walk you through the APIs responsible for performing major operations and actions and explain how Sitecore Stream works under the hood.
This blog provides a detailed breakdown of all the API calls that are responsible for triggering key actions within Sitecore Stream, along with an example of a payload that illustrates how data flows throughout the system. If you are an aspiring developer or an architect looking to gain a better understanding of the inner workings of the Sitecore Stream platform for debugging, customization, or integration purposes then this post will be a valuable resource for you.
Let’s explore the mechanics of Sitecore Stream behind the scenes.
1. Authentication - Obtaining a Bearer Token
Before making any API calls, you must authenticate and obtain a bearer token. This is done using the Client Credentials Grant flow through Auth0.
Request:
Method: POST
Body:
{
"client_id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"client_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"audience": "https://api.sitecorecloud.io",
"grant_type": "client_credentials"
}Note: Replace client_id and client_secret with your own values. Refer to my previous blog, How to Install and Configure Sitecore Stream for Platform DXP, to learn how to obtain them.
Response:
Returns an access token (JWT), which should be included in the Authorization header as a Bearer token for all subsequent API calls.
2. Creating New Content Based on a Prompt
This API allows you to create a new variant of content using prompts and brand references. It is typically used to initiate AI-driven content generation.
Request:
Method: POST
Note: Replace [Organization_ID] with your actual organization ID. Refer to my previous blog, How to Install and Configure Sitecore Stream for Platform DXP, to learn how to obtain it.
Headers:
Authorization: Bearer [Access_Token]
Content-Type: application/json
Note: Replace [Access_Token] with the token obtained from the first API call (Authentication - Obtaining a Bearer Token).
Body:
{
"prompt": "My Organization Do and Donts",
"numberOfVariants": 1,
"references": [
{
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"type": "brandkit",
"path": "/api/brands/v1/organizations/[Organization_ID]/brandskits/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/references"
}
],
"fields": [
{
"name": "My Organization Do and Donts",
"value": ""
}
]
}Note: Replace xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx with your actual BrandKit ID. Also, replace [Organization_ID] with your organization's ID.
Response:
Returns the newly created content variant, generated using the BrandKit reference, from the Sitecore Stream API call.
3. Fetching All Generated Content Variants
This API allows you to retrieve all content variants created under a specific organization. It is useful for fetching personalization variants and viewing the history of all the activities performed.
Request:
Method: GET
Note: Replace [Organization_ID] with your actual organization ID. Refer to my previous blog, How to Install and Configure Sitecore Stream for Platform DXP, to learn how to obtain it.
Headers:
Authorization: Bearer [Access_Token]
Content-Type: application/json
Note: Replace [Access_Token] with the token obtained from the first API call (Authentication - Obtaining a Bearer Token).
Body:
No request body is required.
Response:
Returns all content variants generated under the specified organization.
Knowledge of the internal APIs that drive Sitecore Stream provides valuable insights into how the platform manages content creation and how brand-aligned variant generations are handled within the platform. Whether you're building integrations, troubleshooting workflows, or exploring automation opportunities, these endpoints offer a powerful foundation to extend and scale your digital experiences. These APIs are the robust base to build upon and scale your system.
If you’re interested in learning more about advanced API usage, integrating these APIs with your existing CMS workflows, or securing your calls following best practices, feel free to leave a comment - I’d be happy to explore it further in a follow-up post.
References
Install and configure Sitecore Stream for Platform DXP - https://doc.sitecore.com/xp/en/users/latest/sitecore-experience-platform/install-and-configure-sitecore-stream-for-platform-dxp.html